feat: initial Assemblyline support

Signed-off-by: Richard Zak <[email protected]>

Author: rjzak

Cargo.lock

@@ -15,6 +15,7 @@ build = "build.rs"
 default = []
 admin = ["dep:dialoguer", "dep:flate2", "malwaredb-server/admin", "dep:chrono", "dep:walkdir", "dep:zip"]
 admin-gui = ["malwaredb-server/admin", "dep:slint", "dep:slint-build", "futures/executor"]
+assemblyline = ["malwaredb-server/assemblyline"]
 sqlite = ["malwaredb-server/sqlite"]
 vt = ["malwaredb-server/vt", "dep:malwaredb-virustotal"]
 
@@ -99,6 +100,7 @@ aes-gcm = { version = "0.10.3", default-features = false }
 anyhow = { version = "1.0", default-features = false }
 app-memory-usage-fetcher = { version = "0.2.1", default-features = false }
 argon2 = { version = "0.5.3", default-features = false }
+assemblyline-markings = { version = "0.1.10", default-features = false }
 axum = { version = "0.8.4", default-features = false }
 axum-server = { version = "0.7.2", default-features = false }
 base64 = { version = "0.22.1", default-features = false }

Cargo.toml

@@ -10,7 +10,12 @@ description = "Common API endpoints and data types for MalwareDB components."
 keywords.workspace = true
 categories = ["api-bindings", "data-structures"]
 
+[features]
+default = []
+assemblyline = ["dep:assemblyline-markings"]
+
 [dependencies]
+assemblyline-markings = { workspace = true, optional = true }
 chrono = { workspace = true, features = ["serde"] }
 hex = { workspace = true, features = ["alloc"] }
 serde = { workspace = true, features = ["derive", "std"] }

crates/api/Cargo.toml

@@ -0,0 +1,27 @@
+use assemblyline_markings::config::ClassificationMarking;
+use serde::{Deserialize, Serialize};
+
+/// API endpoint for uploading a sample, POST, Authenticated for use by Assemblyline
+pub const UPLOAD_SAMPLE: &str = "/v1/assemblyline/samples/upload";
+
+/// New file sample being sent to `MalwareDB`
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct NewSample {
+    /// The original file name, might not be known
+    pub file_name: String,
+
+    /// ID of the source for this sample
+    pub source_id: u32,
+
+    /// Base64 encoding of the binary file
+    pub file_contents_b64: String,
+
+    /// SHA-256 of the sample being sent, for server-side validation
+    pub sha256: String,
+
+    /// Security control for Assemblyline integration based on <https://www.first.org/tlp/>
+    pub assemblyline_tlp: ClassificationMarking,
+
+    /// Assemblyline's analysis data
+    pub assemblyline_data: serde_json::Map<String, serde_json::Value>,
+}

crates/api/src/assemblyline.rs

@@ -6,6 +6,9 @@
 #![deny(clippy::pedantic)]
 #![forbid(unsafe_code)]
 
+/// Data types and API endpoints for Assemblyline integration
+#[cfg(feature = "assemblyline")]
+pub mod assemblyline;
 /// Wrapper for fixed-size hash digests from hex strings
 pub mod digest;
 

crates/api/src/lib.rs

@@ -14,6 +14,7 @@ build = "build.rs"
 [features]
 default = []
 admin = []
+assemblyline = ["malwaredb-api/assemblyline"]
 sqlite = ["dep:rusqlite"]
 vt = ["dep:malwaredb-virustotal", "postgres/with-serde_json-1"]
 

crates/server/Cargo.toml

@@ -30,6 +30,8 @@ CREATE TABLE file (
     nonce bytea[],
     key int REFERENCES encryptionkey(id),
     parent bigint REFERENCES file(id),
+    assemblyline_data json,
+    assemblyline_tlp text,
     PRIMARY KEY (id)
 );
 

crates/server/src/db/malwaredb_pg.sql

@@ -47,7 +47,9 @@ CREATE TABLE file (
     confirmedmalicious integer, -- boolean
     nonce text, -- hex bytes
     key int REFERENCES encryptionkey(id),
-    parent int REFERENCES file(id)
+    parent int REFERENCES file(id),
+    assemblyline_data text, -- JSON
+    assemblyline_tlp text
 );